bpssl - The Django SSL Support Application
The other day I released bpssl which is a Django application that helps you support HTTPS on your website. The main functionality is performing redirection for HTTPS only URLs and views. For instance, if a request for your login view '/login' is recieved over HTTP, the provided middleware can redirect the user to the equivalent HTTPS page.
Many people support this at the web server level but the pages that require SSL can change often and it is often easier to manage this at the application layer.
bpssl draws inspiration from the well known SSL Middleware snippets on http://www.djangosnippets.org . It roughly supports the features of the following snippets:
First install the
bpssl package using PIP:
$ pip install bpssl
$ easy_install bpssl
'beproud.django.ssl' to your INSTALLED_APPS in your
INSTALLED_APPS = ( 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', # ... 'beproud.django.ssl', # ... )
'beproud.django.ssl.middleware.SSLRedirectMiddleware' to your MIDDLEWARE_CLASSES setting.
MIDDLEWARE_CLASSES = ( 'django.middleware.common.CommonMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', # ... 'beproud.django.ssl.middleware.SSLRedirectMiddleware', # ... )
Finally add SSL_URLS to your settings. SSL_URLS is a list of regular expressions that match Urls.
SSL_URLS = ( '^/login/', '^/purchase/' # ... )
Or if you prefer:
# In the age of Firesheep, you can never be too careful. SSL_URLS = ( '.*', )
There is also a ssl_view() decorator which allows you to attach redirection logic to individual views.
blog comments powered by Disqus